tequilaOS/platform_system_sepolicy
2
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity

Fix dumpstate denials related to ot_daemon

Browse source 
Bug: 313794601
Test: atest android.security.cts.SELinuxHostTest#testNoBugreportDenials
Change-Id: I5dfa427e3c7ad99ec21392d2f219f14b66dd6256
This commit is contained in:
Kangping Dong 2023-12-01 13:02:38 +08:00
parent d3fe043eb8
commit e1ee768a97
2 changed files with 8 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

4
private/dumpstate.te
View file

@ -62,6 +62,9 @@ binder_call(dumpstate, automotive_display_service)
# Allow dumpstate to talk to virtual_camera service over binder
binder_call(dumpstate, virtual_camera)
# Allow dumpstate to talk to ot_daemon service over binder
binder_call(dumpstate, ot_daemon)
# Collect metrics on boot time created by init
get_prop(dumpstate, boottime_prop)
@ -71,6 +74,7 @@ allow dumpstate {
statsd
netd
virtual_camera
ot_daemon
}:process signal;
# Only allow dumpstate to dump Keystore on debuggable builds.

4
private/ot_daemon.te
View file

@ -32,3 +32,7 @@ binder_call(ot_daemon, system_server)
# Allow OT daemon to write to statsd
unix_socket_send(ot_daemon, statsdw, statsd)
# For collecting bugreports.
allow ot_daemon dumpstate:fd use;
allow ot_daemon dumpstate:fifo_file write;